Jann Horn

81 exploits Active since May 2015
CVE-2019-2215 EXPLOITDB HIGH ruby WORKING POC
Android Binder Use-After-Free Exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
CVSS 7.8
CVE-2018-9488 EXPLOITDB HIGH text WORKING POC
Android 8.0-9.0 - Incorrect Authorization in SELinux crash_dump.te Permissions
In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376.
CVSS 7.8
CVE-2017-13209 EXPLOITDB HIGH text WORKING POC
Android 8.0-8.1 - Unauthenticated Missing Authorization in ServiceManager::add
In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217907.
CVSS 7.8
EIP-2026-100029 EXPLOITDB text WORKING POC
Google Android - Insufficient Binder Message Verification Pointer Leak
CVE-2018-9515 EXPLOITDB HIGH text WORKING POC
Android - Memory Corruption in sdcardfs inode Operations
In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A
CVSS 7.8
EIP-2026-100056 EXPLOITDB text WRITEUP
Google Android - RKP EL1 Code Loading Bypass